Re: [PATCH RESEND] mm: don't zero ballooned pages

From: Wei Wang
Date: Thu Aug 03 2017 - 09:16:11 EST

On 08/03/2017 08:54 PM, Michal Hocko wrote:
On Thu 03-08-17 19:59:17, Wei Wang wrote:
This patch is a revert of 'commit bb01b64cfab7 ("mm/balloon_compaction.c:
enqueue zero page to balloon device")'

Ballooned pages will be marked as MADV_DONTNEED by the hypervisor and
shouldn't be given to the host ksmd to scan.
I find MADV_DONTNEED reference still quite confusing. What do you think
about the following wording instead:
Zeroying ballon pages is rather time consuming, especially when a lot of
pages are in flight. E.g. 7GB worth of ballooned memory takes 2.8s with
__GFP_ZERO while it takes ~491ms without it. The original commit argued
that zeroying will help ksmd to merge these pages on the host but this
argument is assuming that the host actually marks balloon pages for ksm
which is not universally true. So we pay performance penalty for
something that even might not be used in the end which is wrong. The
host can zero out pages on its own when there is a need.

I think it looks good. Thanks.

Therefore, it is not
necessary to zero ballooned pages, which is very time consuming when
the page amount is large. The ongoing fast balloon tests show that the
time to balloon 7G pages is increased from ~491ms to 2.8 seconds with
__GFP_ZERO added. So, this patch removes the flag.
The only reason why unconditional zeroying makes some sense is the
data leak protection (guest doesn't want to leak potentially sensitive
data to a malicious guest). I am not sure such a thread applies here

I think the unwashed contents left in the balloon pages (also free pages)
should be treated non-confidential - if the guest application has
confidential content in its memory, the application itself should zero that
before giving back that memory to the guest kernel.